Private app stores: does your company need its own?

With employee-owned smartphones infiltrating the business world, IT …

From iOS and Android to BlackBerry and Windows Phone, the app store model has become the main way mobile device users find, download, and update their software. And with employees increasingly begging for access to corporate resources from smartphones and tablets, IT departments are starting to wonder whether they should jump into the app store business themselves.

"The public app store is kind of the wild, wild West," Forrester analyst Jeffrey Hammond tells Ars. Private app stores, hosted for the employees of a single business, are receiving “a lot of interest from the clients I talk to. Folks realize that self-provisioning is the long-term trend."

Private app stores are both a concession to the consumerization of IT, giving employees what they need in handsets they like, and a technology that can help IT administrators take control over how employee-owned devices are used for work. Corporate app stores are in their nascent stages today, but some big companies (notably IBM) have already built mobile stores for their own employees. Other vendors want to make private app stores accessible to businesses that don't have the staff and resources to build their own.

"One thing we don't see a lot today that will be commonplace within the next three years is just about every company [with at least 100 employees] will have their own corporate app store," predicts Dan Croft, CEO of Mission Critical Wireless, which helps businesses manage mobile deployments. Croft likens the emergence of private app stores today to intranets in the 1990s.

Private app stores won't address all the security and management concerns caused by the consumerization of IT. Nor will they, by themselves, unlock the full potential of employee-owned devices to improve productivity. But they could become an important tool for businesses that have enough employees and use cases to make the app store model a justifiable expense.

Meet the new app store, same as the old app store

Private app stores look and function much as you might expect. End users see an app store, separate from those run by smartphone backers like Apple or Google or Microsoft, from which they can download applications that their employers have developed or purchased. On the back end, IT administrators manage which employees get access to particular apps, ensure that updates are pushed out in a timely fashion, take advantage of built-in analytics tools, and even remotely delete apps from user devices when necessary.

Granting employee-owned smartphones more access to company data does carry some risk. Although a business controls what it puts in its own app store, employees can still visit malware-infected websites or download malicious applications from the regular app stores, which has particularly been a problem with the Android Market. Expanding access to corporate resources from phones and tablets also increases the chance of an employee leaking confidential data, intentionally or otherwise. Businesses will naturally want to impose restrictions, but employees may bristle if these are too onerous. To take just a single example, the question of whether it is legal (and appropriate) for businesses to remotely wipe employee phones remains unsettled.

Private app store vendor Partnerpedia's storefront for iPhone

But there is hope. New technologies can isolate the corporate and personal components of a smartphone. BlackBerry's Balance technology lets IT shops keep a user's personal information isolated from business information with separate partitions for each, for instance. Similarly, VMware has developed a hypervisor for Android phones that creates a virtual machine in which corporate data and applications are stored separately from a user's personal data and applications. If businesses get the security model right, employee-owned mobile devices can move from being treated as a threat to being treated as a valuable resource.

Big Blue shows the way

IBM is a great example. The 400,000-employee company built its own app store called WhirlWind. It was initially just for BlackBerry phones but is now being rolled out to iOS and Android devices in pilot trials. So far, 35,000 IBMers use WhirlWind, the vast majority of them from BlackBerrys. IBM started developing the concept late in 2009 and the app store, a Java-based application running on IBM's WebSphere application server and DB2 database software, was in production by late 2010. While users on different mobile platforms see their own IBM app store, with some apps being available on only one platform, the IT folks on the back end can manage them all from a single console. And each app undergoes a code review before distribution.

IBM's WhirlWind storefront on an iPad

The store connects users both to IBM-specific Web applications and to native apps that can be downloaded onto a user's device, some of which were developed by IBM itself and others by vendors who contract with IBM. Widely used programs available through WhirlWind include "Blue Pages"—a Web-based app that works a bit like a private version of Facebook—and a version of the Sametime IM app customized for IBM employees and available as a download.

In the future, the WhirlWind app store will provide more tools for performing common business tasks, like managing travel and submitting expense reports, says Bill Bodin, IBM's CTO for mobility. The store isn't just for phones, either. IBM has rolled out WhirlWind to the iPad and plans to produce a version optimized for Android tablets, too.

Naturally, the highly technical workforce at IBM has contributed numerous applications to WhirlWind.

"It's really been a great melting pot for internal applications," Bodin says. "We have dozens of applications that have been submitted by developers and our brands [vendors] alike. It's not just a grass-roots effort anymore."

IBM has moved slowly from the locked-down BlackBerry environment to one that welcomes iOS and Android. Bodin says IBM worries especially about devices being jailbroken or compromised.

"You run the risk of having a rogue application on there that accesses private data and reports and broadcasts information as it sees fit," he says. IBM is using VPNs, password requirements, and endpoint management tools for its own workforce, and is launching a hosted service for IBM customers that ensures personal devices comply with corporate security policies.